witness: sleepable rm locks are not sleepable in read mode
ClosedPublic
Actions

Authored by rlibby on Nov 24 2019, 6:50 AM.

Details

Reviewers

cem
markj
jhb

Commits

rS355126: witness: sleepable rm locks are not sleepable in read mode

Summary

There are two classes of rm lock, one "sleepable" and one not. But even
a "sleepable" rm lock is only sleepable in write mode, and is
non-sleepable when taken in read mode.

Warn about sleepable rm locks in read mode as non-sleepable locks. Do
this by defining a new lock operation flag, LOP_NOSLEEP, to indicate
that a lock is non-sleepable despite what the LO_SLEEPABLE flag would
indicate, and defining a new witness lock instance flag, LI_SLEEPABLE,
to track the product of LO_SLEEPABLE and LOP_NOSLEEP on the lock
instance.

Diff Detail

Repository

rS FreeBSD src repository - subversion

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

rlibby created this revision.Nov 24 2019, 6:50 AM

Harbormaster completed remote builds in B27732: Diff 64791.Nov 24 2019, 6:50 AM

rlibby mentioned this in D22528: sysctl sysctls: wire old buf before output with sysctl lock.Nov 24 2019, 6:53 AM

rlibby added a reviewer: jhb.Nov 24 2019, 6:55 AM

As far as I know the only reason to disallow sleeping readers is that rmlock trackers typically live on the stack, and the stacks of sleeping threads may be swapped out. That seems like a fairly dubious reason in this day and age - do you know of any other reasons?

In D22527#492846, @markj wrote:

As far as I know the only reason to disallow sleeping readers is that rmlock trackers typically live on the stack, and the stacks of sleeping threads may be swapped out. That seems like a fairly dubious reason in this day and age - do you know of any other reasons?

As in, is it accidental or fundamental that sleepable rm locks are not sleepable in read mode? I don't know.

I'm not sure if stack swapping is the only potential problem. I see the implementation referencing turnstiles... I think that implies a deeper interaction with non-sleepability. To be honest I don't know either turnstiles or the rm lock implementation that well.

In D22527#492846, @markj wrote:

As far as I know the only reason to disallow sleeping readers is that rmlock trackers typically live on the stack, and the stacks of sleeping threads may be swapped out. That seems like a fairly dubious reason in this day and age - do you know of any other reasons?

Yeah, that looks about right to me. Also, looks like it's ISLN's fault: rS212112 , rS252209 , rS287833 .

You would need to disallow swapping out the kernel portion of thread stacks which are holding an rmlock read lock (at least, if the tracker looks like it's on the local thread's stack — which is fairly easy to check and we do for some other things already).

It doesn't look like you can solely clear TDF_CANSWAP, because that is set/cleared internally by ULE without checking existing state. It seems like threads with priority < PSOCK are never swapped out, so you could temporarily bump the rlock'd thread's priority and restore at unlock. But obviously that seems brittle / depends on special knowledge of ULE internals (amusingly, the same priority works for sched_4bsd too). Maybe a new flag in td_pflags and slight change to the scheduler? Is it acceptable that sleepable rdlock'd threads are unswappable while sleeping?

In D22527#492862, @rlibby wrote:

In D22527#492846, @markj wrote:

As far as I know the only reason to disallow sleeping readers is that rmlock trackers typically live on the stack, and the stacks of sleeping threads may be swapped out. That seems like a fairly dubious reason in this day and age - do you know of any other reasons?

As in, is it accidental or fundamental that sleepable rm locks are not sleepable in read mode? I don't know.

I'm not sure if stack swapping is the only potential problem. I see the implementation referencing turnstiles... I think that implies a deeper interaction with non-sleepability. To be honest I don't know either turnstiles or the rm lock implementation that well.